xref: /freebsd/lib/libcasper/services/cap_sysctl/cap_sysctl.3 (revision cf037972ea8863e2bab7461d77345367d2c1e054)
.\" Copyright (c) 2018 Mariusz Zaborski <oshogbo@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd December 6, 2023
.Dt CAP_SYSCTL 3
.Os
.Sh NAME
.Nm cap_sysctl
.Nd "library for getting or setting system information in capability mode"
.Sh LIBRARY
.Lb libcap_sysctl
.Sh SYNOPSIS
.In libcasper.h
.In casper/cap_sysctl.h
.Ft int
.Fn cap_sysctl "cap_channel_t *chan" "const int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "const void *newp" "size_t newlen"
.Ft int
.Fn cap_sysctlbyname "cap_channel_t *chan" "const char *name" "void *oldp" "size_t *oldlenp" "const void *newp" "size_t newlen"
.Ft int
.Fn cap_sysctlnametomib "cap_channel_t *chan" "const char *name" "int *mibp" "size_t *sizep"
.Ft cap_sysctl_limit_t *
.Fn cap_sysctl_limit_init "cap_channel_t *chan"
.Ft cap_sysctl_limit_t *
.Fn cap_sysctl_limit_name "cap_sysctl_limit_t *limit" "const char *name" "int flags"
.Ft cap_sysctl_limit_t *
.Fn cap_sysctl_limit_mib "cap_sysctl_limit_t *limit" "const int *mibp" "u_int miblen" "int flags"
.Ft int
.Fn cap_sysctl_limit "cap_sysctl_limit_t *limit"
.Sh DESCRIPTION
The
.Fn cap_sysctl ,
.Fn cap_sysctlbyname
and
.Fn cap_sysctlnametomib
functions are equivalent to
.Xr sysctl 3 ,
.Xr sysctlbyname 3
and
.Xr sysctlnametomib 3 ,
except that they are implemented by the
.Ql system.sysctl
.Xr libcasper 3
service and require a corresponding
.Xr libcasper 3
capability.
.Pp
All of these functions, with the exceptions of
.Fn cap_sysctl_limit_init
and
.Fn cap_sysctl_limit_mib ,
are reentrant but not thread-safe.
That is, they may be called from separate threads only with different
.Vt cap_channel_t
arguments or with synchronization.
.Sh LIMITS
By default, the
.Nm
capability provides unrestricted access to the sysctl namespace.
Applications typically only require access to a small number of sysctl
variables; the
.Fn cap_sysctl_limit
interface can be used to restrict the sysctls that can be accessed using
the
.Nm
capability.
.Fn cap_sysctl_limit_init
returns an opaque limit handle used to store a list of permitted sysctls
and access rights.
Rights are encoded using the following flags:
.Pp
.Bd -literal -offset indent -compact
CAP_SYSCTL_READ         allow reads of the sysctl variable
CAP_SYSCTL_WRITE        allow writes of the sysctl variable
CAP_SYSCTL_RDWR         allow reads and writes of the sysctl variable
CAP_RECURSIVE           permit access to any child of the sysctl variable
.Ed
.Pp
The
.Fn cap_sysctl_limit_name
function adds the sysctl identified by
.Ar name
to the limit list, and the
.Fn cap_sysctl_limit_mib
function adds the sysctl identified by
.Ar mibp
to the limit list.
The access rights for the sysctl are specified in the
.Ar flags
parameter; at least one of
.Dv CAP_SYSCTL_READ ,
.Dv CAP_SYSCTL_WRITE
and
.Dv CAP_SYSCTL_RDWR
must be specified.
.Fn cap_sysctl_limit
applies a set of sysctl limits to the capability, denying access to sysctl
variables not belonging to the set.
It consumes the limit handle.
After either success or failure, the user must not access the handle again.
.Pp
Once a set of limits is applied, subsequent calls to
.Fn cap_sysctl_limit
will fail unless the new set is a subset of the current set.
.Pp
.Fn cap_sysctlnametomib
will succeed so long as the named sysctl variable is present in the limit set,
regardless of its access rights.
When a sysctl variable name is added to a limit set, its MIB identifier is
automatically added to the set.
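The limit rules above, written out as a small stand-alone model. This is an added example, not libcasper code and not part of the original manual page; the M_* flag values, struct lim and the model_* functions are hypothetical, and treating a "child" as a name extending the parent at a '.' boundary is this model's assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical flag values for this model (not taken from cap_sysctl.h). */
#define M_READ      0x01
#define M_WRITE     0x02
#define M_RDWR      (M_READ | M_WRITE)
#define M_RECURSIVE 0x04

struct lim { const char *name; int flags; };

/* Does limit entry 'l' cover 'name' with the rights in 'want'? */
static bool
covers(const struct lim *l, const char *name, int want)
{
	size_t n = strlen(l->name);

	if ((l->flags & want) != want)
		return (false);		/* asks for more than was granted */
	if (strcmp(l->name, name) == 0)
		return (true);
	/* A recursive entry also covers children: "kern" covers "kern.x". */
	return ((l->flags & M_RECURSIVE) != 0 &&
	    strncmp(l->name, name, n) == 0 && name[n] == '.');
}

/*
 * Access check against the current set.  Passing want == 0 models the
 * nametomib rule: presence in the set is enough, whatever the rights.
 */
bool
model_allowed(const struct lim *cur, size_t ncur, const char *name, int want)
{
	for (size_t i = 0; i < ncur; i++)
		if (covers(&cur[i], name, want))
			return (true);
	return (false);
}

/* Narrowing rule: every entry of the next set must already be covered. */
bool
model_is_subset(const struct lim *cur, size_t ncur,
    const struct lim *next, size_t nnext)
{
	for (size_t i = 0; i < nnext; i++)
		if (!model_allowed(cur, ncur, next[i].name, next[i].flags))
			return (false);
	return (true);
}
```

In the model, a second limit set that widens the rights or the scope of any entry is rejected, which is why a sandboxed component cannot regain sysctl access it has already dropped.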
.Sh EXAMPLES
The following example first opens a capability to casper, uses this
capability to create the
.Nm system.sysctl
casper service, and then uses the
.Nm
capability to get the value of
.Dv kern.trap_enotcap .
.Bd -literal
cap_channel_t *capcas, *capsysctl;
const char *name = "kern.trap_enotcap";
cap_sysctl_limit_t *limit;
size_t size;
bool value;

/* Open capability to Casper. */
capcas = cap_init();
if (capcas == NULL)
	err(1, "Unable to contact Casper");

/* Enter capability mode sandbox. */
if (cap_enter() < 0 && errno != ENOSYS)
	err(1, "Unable to enter capability mode");

/* Use Casper capability to create capability to the system.sysctl service. */
capsysctl = cap_service_open(capcas, "system.sysctl");
if (capsysctl == NULL)
	err(1, "Unable to open system.sysctl service");

/* Close Casper capability, we don't need it anymore. */
cap_close(capcas);

/* Create limit for one MIB with read access only. */
limit = cap_sysctl_limit_init(capsysctl);
if (limit == NULL)
	err(1, "Unable to create limit handle");
/* On failure NULL is returned and the old handle must not be reused. */
limit = cap_sysctl_limit_name(limit, name, CAP_SYSCTL_READ);
if (limit == NULL)
	err(1, "Unable to add sysctl to limit");

/* Limit system.sysctl. */
if (cap_sysctl_limit(limit) < 0)
	err(1, "Unable to set limits");

/* Fetch value. */
size = sizeof(value);
if (cap_sysctlbyname(capsysctl, name, &value, &size, NULL, 0) < 0)
	err(1, "Unable to get value of sysctl");

printf("The value of %s is %d.\\n", name, value);

cap_close(capsysctl);
.Ed
.Sh RETURN VALUES
.Fn cap_sysctl_limit_init
will return a new limit handle on success or
.Dv NULL
on failure, and set
.Va errno .
.Fn cap_sysctl_limit_mib
and
.Fn cap_sysctl_limit_name
will return the modified limit handle on success or
.Dv NULL
on failure and set
.Va errno .
After failure, the caller must not access the limit handle again.
.Fn cap_sysctl_limit
will return
.Dv -1
on failure and set
.Va errno .
.Fn cap_sysctl ,
.Fn cap_sysctlbyname ,
and
.Fn cap_sysctlnametomib
have the same return values as their non-capability-mode equivalents as
documented in
.Xr sysctl 3 .
.Sh SEE ALSO
.Xr cap_enter 2 ,
.Xr err 3 ,
.Xr sysctl 3 ,
.Xr sysctlbyname 3 ,
.Xr sysctlnametomib 3 ,
.Xr capsicum 4 ,
.Xr nv 9
.Sh HISTORY
The
.Nm cap_sysctl
service first appeared in
.Fx 10.3 .
.Sh AUTHORS
The
.Nm cap_sysctl
service was implemented by
.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
under sponsorship from the FreeBSD Foundation.
.Pp
This manual page was written by
.An Mariusz Zaborski Aq Mt oshogbo@FreeBSD.org .